FBI used autistic New Yorker to nail Anonymous hacker

A British computer hacker arrested in 2011 for breaching the website of internet news company Gawker was apprehended with the help of a former acquaintance from outside Albany, New York, according to just leaked, previously unpublished court files.

The documents — posted to the web on Tuesday this week by the
Smoking Gun — for the first time reveals how
law enforcement agencies from across the world were able to
narrow in on a South London hacker who took credit for
compromising the computer networks of Gawker, among others,
nearly three years ago.

According to 28-pages of court documents published on the Smoking
Gun’s website this week, an autistic Troy, NY man involved in the
Gawker breach helped point officers with the Federal Bureau of
Investigation towards the Brit — a computer hacker known as Kayla
— in June 2011 amidst the ongoing probe into the hacktivist
movement Anonymous and its offshoots, including LulzSec and
Internet Feds.

With the cooperation of Thomas “Eekdacat” Madden, the Smoking Gun
reported, authorities abroad were able to locate Kayla and
successfully convict the person behind the handle, Ryan Ackroyd,
of computer crimes committed with Anonymous and its factions from
2010 up to just before his arrest. Ackroyd, now 27, was released
from prison in March after serving 10 months of a two-and-a-half
year sentence.

RT has reported extensively about how the arrest of hacker Hector
Xavier Monsegur, or “Sabu,” in June 2011 provided the FBI with
evidence that led to the arrests of several other Anonymous
hackers, including a Chicago man currently serving a 10-year
prison sentence. Only now, however, do
details about Madden and his active role in cooperating with
authorities demonstrate how the FBI used him to take down
Ackroyd, and perhaps others, starting just days after Monsegur
became an informant in exchange for leniency.

Excerpts from a federal search warrant published by the Smoking
Gun show that authorities arrested Madden, now 26, on June 29,
2011 after he was charged with hacking in a criminal complaint
filed in the Southern District of New York.

Madden appears in some of the Smoking Gun’s files as a
confidential witness (either CW-1 or CW-2, depending on the
documents) and, according to one of the files, he “attempted
to cooperate with law enforcement in the hopes of reducing [his]
sentencing liability" shortly after being detained.

In debriefings that occurred shortly after his arrest — and
without an attorney present, according to the website’s writers —
Madden allegedly told investigators that he was a member of the
online group “Gnosis” and, along with “Kayla,” participate in the
December 2010 hacking of Gawker that unearthed the email address
and passwords of hundreds of thousands of the website’s users.

Madden reportedly went on to tell the authorities that he
personally decrypted roughly 180,000 account passwords lifted
from Gawker’s network, and discussed that hack and others during
online conversations with the person behind the Kayla handle.

A separate search warrant published by The Smoking Gun this week
shows that Madden allowed authorities to see his instant
messenger contact list after he was arrested, which included an
entry labeled “Kayla.” Contact information for that account then
directed the FBI to an email address and Twitter account used by
the same “Kayla,” which provided the feds with enough evidence to
get a search warrant and pen register against the person that
ended up being identified as Ackroyd.

“Based on pen traffic obtained from the Kayla email account
and for the Kayla Twitter account, I learned the both had
accessed the Internet through one IP address based in the United
Kingdom on separate occasions,” the second warrant reads.
“Specifically the Kayla email account accessed the internet
on one occasion in December 2009 and again in March 2011 from
that IP address, and the Kayla Twitter account had accessed the
Internet on one occasion in June 2011 from that IP address.”

The FBI soon collaborated with UK law enforcement officials, who
in turn obtained internet records from the provider of that IP
address.

“By coordinating their surveillance with the Twitter account
activity, the investigators conducted a search, consistent with
UK law, of the residence,” the warrant read, eventually
allowing them to identify Ackroyd as Kayla.

According to the Smoking Gun, the apprehension of Madden months
earlier involved a whole other investigation of sorts. Madden’s
father told the Smoking Gun that his son had befriended a
classmate in college and “ended up getting fooled into doing
the homework for the person,” as well as tests and other
online projects. Eventually the younger Madden wised up and told
the classmate’s professor that the work being submitted was not
genuine, which prompted the cheating colleague to contact with a
vengeance the FBI and provide authorities with a chat transcript
in which Madden bragged about his role in the Gawker hack.

“The subsequent bureau probe, headed by Agent Olivia Olson,
used an assortment of subpoenas, as well as motor vehicle and
passport records to identify Madden as the hacker
‘Eekdacat,’” William Bastone and Andrew Goldberg wrote for
the Smoking Gun.

“Following his FBI debriefing — and nearly 12 hours after his
arrest — Madden made an initial appearance in a closed federal
courtroom in lower Manhattan,” they added. “A US
District Court magistrate released Madden on a $100,000 bond
secured by his father, and ordered that his Internet access would
only be ‘via an FBI monitored laptop.’”

Another document, dated May 17, 2012, confirms that the US
determined it was in the best interest to defer prosecuting
Madden for the computer crimes he admitted to in exchange for
good behavior and compliance with a list of rules, including
provisions that prevented him for six-months of engaging in
conversation with any non-law-abiding persons, on and off the
web. Half-a-year later, the case was terminated.

Speaking to The Smoking Gun over the Phone recently, Madden said
he had “no contact” with other hackers since his arrest and
suggested that he may have been mischaracterized by the FBI in
court filings. Shortly after his arrest, however, federal
prosecutor Rosemary Nidiry reported that Madden “actively is
cooperating with the government and has indicated an intent to
continue working proactively with the government.”

Madden, the Smoking Gun quoted Nidiry as saying, provided
investigators with “detailed information” about
suspected hackers and may be able to testify before a grand jury
“for purposes of obtaining an indictment against the
defendant’s accomplices and other individuals identified by the
defendant.”

“If I ever have to type the world LulzSec again it’ll be too
soon,” Madden tweeted from his @Eekdacat account only hours
before being arrested in 2011.

Monsegur, who weeks prior to that began helping authorities
infiltrate Anonymous and LulzSec, earlier this month had his
sentencing hearing adjourned for the seventh time in three years.